Some embodiments described herein relate to the general field of telecommunications, and in particular to so-called “cloud” computer systems also referred to as “cloud computing” systems.
Particular embodiments described herein relate to a user accessing computer resources made available to the user by a cloud computing system.
According to the definition given by the National Institute of Standards and Technology (NIST), cloud computing is a model that enables users to have on-demand self-service access via a network to computer resources and networks such as storage space, computation power, applications, software, or indeed services, that are virtualized (i.e. made virtual) and pooled (i.e. shared).
In other words, the computer resources and networks are no longer on a local server of an entity or on a user station, but rather, in accordance with the cloud computing concept, they are “dematerialized” in a “cloud” made up of a plurality of mutually interconnected remote servers that are accessible by users via a network application. Users can thus have access to these resources in a manner that varies over time, but without any need to manage the underlying infrastructure for managing the resources, which is often complex.
The concept of cloud computing is described in detail in the document published by the International Telecommunication Union (ITU) entitled “FG cloud TR, Version 1.0—Part 1: Introduction to the cloud ecosystem: definitions, taxonomies, use cases, and high-level requirements”, February 2012.
In known manner, cloud computing offers numerous advantages:
        flexibility and diversity of resources, which are pooled and practically unlimited;
        scalability of resources, which are provided on demand;
        simple and automatic administration of computer infrastructures and business networks, with an associated reduction in administration costs;
        etc.
A major issue in the cloud computing concept is nevertheless guaranteeing secure and protected access to the resources.
Moving from a conventional computer environment, which is closed and secure, to a cloud infrastructure that is open and pooled, over which the user or the business has no control, and which is reached over a telecommunications network such as the public Internet, a network that is particularly exposed and is continuously subjected to attacks, naturally raises security concerns among potential users.
Access control is thus regarded nowadays by the ITU as the fundamental means for securing access to cloud computer systems.
Numerous mechanisms already exist in the present state of the art for controlling (and securing) access to a computer system (or, equivalently, to an information system) belonging to entities or organizations such as businesses.
These mechanisms rest essentially on two elements, namely:
        defining a policy in terms of access rights expressed using a subject-object-action approach, i.e. a given subject does or does not have permission to perform a given action on a given object; and
        enforcing this policy when a request is received from a user seeking to access the resources made available by the computer system, by verifying that the user holds the rights needed to access those resources.
By way of example, such mechanisms include the following:
        the role-based access control (RBAC) model, described in R. S. Sandhu et al., “Role-based access control models”, IEEE Computer 29(2), pp. 38-47, 1996;
        the organization-based access control (OrBAC) model, described in A. Abou El Kalam et al., “Organization based access control”, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), 2003;
        the attribute-based access control (ABAC) model, described in E. Yuan and J. Tong, “Attribute-based access control (ABAC) for web services”, Proceedings of the IEEE International Conference on Web Services (ICWS 2005), 2005; and
        the multi-level security (MLS) model, described in D. E. Bell and L. J. LaPadula, “Secure computer system: unified exposition and Multics interpretation”, MITRE Corporation technical report, 1976, and in K. J. Biba, “Integrity considerations for secure computer systems”, MITRE Corporation technical report, 1977.
The RBAC model introduces the notion of a “role” to represent a set of subjects possessing identical access rights. Each role carries permissions, and roles are assigned to users according to their functions and responsibilities within a business, thereby determining which accesses are granted to them and which are refused.
The OrBAC model relies on the concept of an organization, and serves to model the variety of security policies defined for and by that organization concerning access to its resources. More precisely, the OrBAC model introduces the notions of roles, of activities, and of views in order to define the security policy associated with an organization, in which:
        a role is a set of subjects to which the same security rules are applied;
        an activity is a set of actions to which the same security rules are applied; and
        a view is a set of objects to which the same security rules are applied.
The ABAC model uses the notion of attributes to model concepts, such as roles and organizations, that other models treat as primitives. In the document by X. Jin, R. Krishnan, and R. Sandhu, “A unified attribute-based access control model covering DAC, MAC, RBAC” (Data and Applications Security and Privacy XXVI, Lecture Notes in Computer Science, Volume 7371, 2012, pp. 41-55), ABAC is presented as a generic model capable of expressing the other access control models.
The MLS model assigns security levels to subjects and objects and orders them accordingly: a subject with a given security level is not able to read an object having a higher security level (the “no read up” rule of Bell and LaPadula), and the Bell-LaPadula model likewise forbids it from writing to an object having a lower security level (“no write down”), so that information cannot flow from a higher level to a lower one. The Biba model applies the dual rules in order to protect integrity rather than confidentiality.
Some embodiments described herein lie more particularly in the context of cloud systems having multiple security domains, known as “multi-tenant” systems, where a security domain may be defined as a unit (a business, a department of a business, a workgroup, . . . ) within which a common access control policy is defined.
At present, in most multi-tenant cloud systems, the resources of each tenant are compartmentalized in domains that are independent and mutually sealed off, each tenant managing its own access control policy independently.
Unfortunately, that design prevents co-operation between the various tenants.
Thus, there does not exist at present any solution that makes it possible within a cloud computer network to establish relationships between security domains that use different access control policies.
For example, in the present state of the art, it is not possible to enable a subject in an OrBAC security domain to access a resource in an MLS security domain.
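To make the four models described above concrete, and to show the cross-domain gap just mentioned, here is a small added example in Python that is not part of the original document. Each engine decides subject-object-action requests under its own kind of policy: RBAC through user-to-role and role-to-permission assignments, OrBAC through the role/activity/view abstraction of one organization, ABAC through predicates over attributes, and MLS through the Bell-LaPadula read and write rules over a constructed level ordering. All users, roles, objects and policies are constructed for illustration; the last request shows that a subject known only to the OrBAC organization carries no MLS label, so the MLS domain can do nothing but deny it.

```python
"""Toy decision engines for RBAC, OrBAC, ABAC and MLS (added example, not part of the
original text). Requests are subject-object-action triples; all data is constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class Request:
    subject: str
    action: str
    obj: str


class RBAC:
    """Users hold roles; each role carries (action, object) permissions."""
    def __init__(self, user_roles: Dict[str, Set[str]],
                 role_perms: Dict[str, Set[Tuple[str, str]]]):
        self.user_roles, self.role_perms = user_roles, role_perms

    def decide(self, req: Request) -> bool:
        return any((req.action, req.obj) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(req.subject, set()))


class OrBAC:
    """One organization abstracts subjects, actions and objects to roles, activities
    and views; rules mention only abstract (role, activity, view) triples."""
    def __init__(self, empower: Dict[str, Set[str]], consider: Dict[str, Set[str]],
                 use: Dict[str, Set[str]], permissions: Set[Tuple[str, str, str]]):
        self.empower, self.consider, self.use = empower, consider, use
        self.permissions = permissions

    def decide(self, req: Request) -> bool:
        return any((r, a, v) in self.permissions
                   for r in self.empower.get(req.subject, set())
                   for a in self.consider.get(req.action, set())
                   for v in self.use.get(req.obj, set()))


class ABAC:
    """Decisions are predicates rule(subject_attrs, action, object_attrs); a role or
    an organization is just another subject attribute."""
    def __init__(self, subj_attrs: Dict[str, Dict[str, str]], obj_attrs: Dict[str, Dict[str, str]],
                 rules: Iterable[Callable[[Dict[str, str], str, Dict[str, str]], bool]]):
        self.subj_attrs, self.obj_attrs, self.rules = subj_attrs, obj_attrs, list(rules)

    def decide(self, req: Request) -> bool:
        s, o = self.subj_attrs.get(req.subject, {}), self.obj_attrs.get(req.obj, {})
        return any(rule(s, req.action, o) for rule in self.rules)


class MLS:
    """Bell-LaPadula over totally ordered levels: no read up (simple security) and
    no write down (*-property). An unlabelled subject or object is denied."""
    LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

    def __init__(self, clearance: Dict[str, str], classification: Dict[str, str]):
        self.clearance, self.classification = clearance, classification

    def decide(self, req: Request) -> bool:
        if req.subject not in self.clearance or req.obj not in self.classification:
            return False
        s = self.LEVELS[self.clearance[req.subject]]
        o = self.LEVELS[self.classification[req.obj]]
        if req.action == "read":
            return s >= o
        if req.action == "write":
            return s <= o
        return False


def demo() -> Dict[str, bool]:
    """Decide constructed requests under each model; keys read 'model subject action object'."""
    rbac = RBAC(user_roles={"alice": {"auditor"}, "bob": {"developer"}},
                role_perms={"auditor": {("read", "audit.log")},
                            "developer": {("read", "src.tar"), ("write", "src.tar")}})
    orbac = OrBAC(empower={"alice": {"physician"}, "bob": {"nurse"}},
                  consider={"read": {"consult"}, "write": {"update"}},
                  use={"record.pdf": {"medical_record"}},
                  permissions={("physician", "consult", "medical_record"),
                               ("physician", "update", "medical_record"),
                               ("nurse", "consult", "medical_record")})
    abac = ABAC(subj_attrs={"alice": {"dept": "finance"}, "bob": {"dept": "eng"}},
                obj_attrs={"budget.xlsx": {"owner_dept": "finance"}},
                rules=[lambda s, act, o: act == "read" and s.get("dept") == o.get("owner_dept")])
    mls = MLS(clearance={"alice": "secret", "bob": "confidential"},
              classification={"plan.doc": "secret", "memo.txt": "unclassified"})
    cases = [("rbac", "alice", "read", "audit.log"), ("rbac", "alice", "write", "src.tar"),
             ("orbac", "bob", "read", "record.pdf"), ("orbac", "bob", "write", "record.pdf"),
             ("abac", "alice", "read", "budget.xlsx"), ("abac", "bob", "read", "budget.xlsx"),
             ("mls", "alice", "read", "plan.doc"), ("mls", "bob", "read", "plan.doc"),  # no read up
             ("mls", "alice", "write", "memo.txt"),  # no write down
             ("mls", "bob", "write", "plan.doc"),  # writing up is permitted
             # carol is known only to the OrBAC organization; with no MLS label the MLS
             # domain can do nothing but deny her, which is the cross-domain gap in the text
             ("mls", "carol", "read", "memo.txt")]
    engines = {"rbac": rbac, "orbac": orbac, "abac": abac, "mls": mls}
    return {f"{m} {s} {a} {o}": engines[m].decide(Request(s, a, o)) for m, s, a, o in cases}
```

The point of the final case is that the two domains have no common vocabulary: an OrBAC role is not an MLS clearance, and an MLS classification is not an OrBAC view, so without some mapping between the two policies the receiving domain has nothing to evaluate and must fall back on its default deny.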
The invention proposes a mechanism for setting up interoperability relationships between different security domains in a cloud network.